Phish: Duo push verification scam

Published: October 6, 2025

This phishing message tries to trick recipients into approving fraudulent Duo push notifications. The sender claims to be verifying an account or appointment and asks the recipient to “accept any Duo Push Notification Request” they receive today, tomorrow or anytime. This is a common multi-factor authentication (MFA) fatigue attack, where scammers send repeated push requests to gain access to accounts. Legitimate IT staff will never ask you to approve a Duo push you didn’t initiate. If you receive a suspicious push or message like this, deny the request and report it to your IT security team.

Email details

Security Notice:

NOTE: Whenever you receive any DUO PUSH NOTIFICATION REQUEST sent to your duo mobile app TODAY or TOMORROW or ANYDAY/ANYTIME after sending your login information above, please accept it to proceed with your verification process, is that understood. I can log in anytime either today or tomorrow or any day to verify your account and proceed with your appointment, so once I send the push request, just know that it’s me and please accept it to make it easier for me, else I will skip your verification process and move to another person immediately.

Phishing cues

  • Poses as a trusted or legitimate source

    The sender pretends to be from IT or a service provider authorized to verify accounts.

  • Sense of urgency

    The message pressures the recipient to act quickly, saying the sender will “move to another person immediately” if they don’t approve the push.

  • Requests for sensitive information

    The email instructs the recipient to provide login credentials and approve Duo push notifications, falsely claiming that this is necessary to verify their account or proceed with an appointment. The message uses urgency and insistence to pressure the recipient into granting access.

  • Unprofessional design or formatting

    The message lacks a greeting, has awkward phrasing and includes poor sentence structure.

  • Spelling and grammar mistakes

    There are grammatical errors and run-on sentences throughout the message.

  • Generic greeting

    The message doesn’t address the recipient by name.

Icon for report phishing

Report phishing

If you receive a suspicious email, do not open attachments or click on links. Report phishing attempts to security.response@utoronto.ca.

More phishing examples

Phish: Tuition scam

Phish: Tuition scam

September 3, 2025

Phish: Fake student support program

August 21, 2025

Phish: Notification of salary increase

August 21, 2025